Date: Thu, 20 Jun 2002 14:14:42 +0200
From: Thomas Seck <tmseck-lists@netcologne.de>
To: freebsd-stable@FreeBSD.ORG
Subject: Re: IPFW rules on tunX devices
Message-ID: <20020620121420.GA1690@laurel.seck.home>
In-Reply-To: <20020619165721.B438@gsmx07.alcatel.com.au>
References: <20020619165721.B438@gsmx07.alcatel.com.au>
* Peter Jeremy (peter.jeremy@alcatel.com.au):
> I have a situation where I want to have some ipfw rules permanently
> associated with tun0. In 4.5-RELEASE, I just included lines like the
> following in the rules file specified as firewall_type in rc.conf:
> add 11010 allow tcp from 10.2.3.4 to 10.2.3.5 keep-state in recv tun0 setup
>
> In 4.6-RELEASE, the tun devices are created on demand and so tun0
> doesn't exist when the firewall rules are added. Other
> than starting ppp(8), how do I create tun0? I thought
> ifconfig tun0 create
> would work, but that returns:
> ifconfig: SIOCIFCREATE: Invalid argument
>
> Any suggestions?

From my understanding of ipfw, the interfaces you create rules for do
not necessarily need to exist at creation time for ipfw to apply them
later.

I use ipfw for trivial firewalling [0] on tun* devices since 4.0 w/o
problems. Just ignore "ipfw add"'s warning message about the nonexisting
interface.

[0] Rules like "reset tcp from any to any in recv tun0 setup" and the like.
Here these rules are created using a fitting /etc/rc.firewall before
ppp(8) is started.

--Thomas
